Home Explore Help
Sign In
pi31415
/
librecmc-package-feed
forked from libreCMC/package-feed
1
0
Fork 0
Files
Tree: 181dbb04e2
Branches Tags
librecmc-packag...
/
net
/
haproxy
/
patches
/
0001-BUG-MEDIUM-ssl-Dont-always-treat-SSL_ERROR_SYSCALL-as-unrecovarable.patch

0001-BUG-MEDIUM-ssl-Dont-always-treat-SSL_ERROR_SYSCALL-as-unrecovarable.patch 2.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. From 2fcd544272a5498ffa49544e9f06b51bc93e55d1 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Olivier Houchard <ohouchard@haproxy.com>
    3. 

  3. Date: Tue, 13 Feb 2018 15:17:23 +0100
    4. 

  4. Subject: [PATCH] BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as
    5. 

  5.  unrecovarable.
    6. 

  6. 

  7. Bart Geesink reported some random errors appearing under the form of
    8. 

  8. termination flags SD in the logs for connections involving SSL traffic
    9. 

  9. to reach the servers.
    10. 

  10. 

  11. Tomek Gacek and Mateusz Malek finally narrowed down the problem to commit
    12. 

  12. c2aae74 ("MEDIUM: ssl: Handle early data with OpenSSL 1.1.1"). It happens
    13. 

  13. that the special case of SSL_ERROR_SYSCALL isn't handled anymore since
    14. 

  14. this commit.
    15. 

  15. 

  16. SSL_read() might return <= 0, and SSL_get_erro() return SSL_ERROR_SYSCALL,
    17. 

  17. without meaning the connection is gone. Before flagging the connection
    18. 

  18. as in error, check the errno value.
    19. 

  19. 

  20. This should be backported to 1.8.
    21. 

  21. 

  22. (cherry picked from commit 7e2e505006feb8f3b4a7f9e0ac5e89b5a8c4895e)
    23. 

  23. Signed-off-by: Willy Tarreau <w@1wt.eu>
    24. 

  24. ---
    25. 

  25.  src/ssl_sock.c |    9 ++++++++-
    26. 

  26.  1 file changed, 8 insertions(+), 1 deletion(-)
    27. 

  27. 

  28. diff --git a/src/ssl_sock.c b/src/ssl_sock.c
    29. 

  29. index aecf3dd..f118724 100644
    30. 

  30. --- a/src/ssl_sock.c
    31. 

  31. +++ b/src/ssl_sock.c
    32. 

  32. @@ -5437,6 +5437,12 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
    33. 

  33.  				break;
    34. 

  34.  			} else if (ret == SSL_ERROR_ZERO_RETURN)
    35. 

  35.  				goto read0;
    36. 

  36. +			/* For SSL_ERROR_SYSCALL, make sure the error is
    37. 

  37. +			 * unrecoverable before flagging the connection as
    38. 

  38. +			 * in error.
    39. 

  39. +			 */
    40. 

  40. +			if (ret == SSL_ERROR_SYSCALL && (!errno || errno == EAGAIN))
    41. 

  41. +				goto clear_ssl_error;
    42. 

  42.  			/* otherwise it's a real error */
    43. 

  43.  			goto out_error;
    44. 

  44.  		}
    45. 

  45. @@ -5451,11 +5457,12 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun
    46. 

  46.  	conn_sock_read0(conn);
    47. 

  47.  	goto leave;
    48. 

  48.   out_error:
    49. 

  49. +	conn->flags |= CO_FL_ERROR;
    50. 

  50. +clear_ssl_error:
    51. 

  51.  	/* Clear openssl global errors stack */
    52. 

  52.  	ssl_sock_dump_errors(conn);
    53. 

  53.  	ERR_clear_error();
    54. 

  54.  
    55. 

  55. -	conn->flags |= CO_FL_ERROR;
    56. 

  56.  	goto leave;
    57. 

  57.  }
    58. 

  58.  
    59. 

  59. -- 
    60. 

  60. 1.7.10.4
    61. 

  61.